To work with remote devices via SSH, Aria Automation Orchestrator (formerly vRealize Orchestrator) has an SSH Plug-in. However, this plugin does not work as expected. It implements SSHHostManager and SSHHost objects and has a set of host management processes. But all the useful work is performed by the SSHSession object, which is not related to SSHHost objects.
That is, you can create a set of SSH hosts with all their connection parameters, list them, change them and configure them. But to execute commands and transfer files, you need to create another object, SSHSession, and specify all the connection parameters again. Why were SSHHost objects created then? The plugin development was abandoned halfway through; it clearly lacks a method: SSHHost.createSshSession(). You can try to use data from SSHHost objects to create an SSHSession, but…
- When an SSHHost is created, the path to the key (SSHHost.sshHostConfiguration.certificatePath) is not saved in the configuration.
- Passwords are not stored as SecureString, but as EncryptedString (only the plugin itself can access the decrypted text).
A workaround can be suggested:
- Configure vRO to decrypt EncryptedString: https://cloudblogger.co.in/2023/04/14/decrypt-vro-encrypted-string-using-vro-workflow-cb10112/;
- Download a package of processes that receive all the necessary data from SSH:Host objects (the path to the private key, if necessary, must be specified in rootFolders when creating the host).
However, for security reasons, it is recommended to work only with those tools that are already in vRO.
Using keys
When there is a choice between connecting with a password or with a key, it is better to use keys. Keys provide a higher level of security, and that alone justifies spending a little more time on learning and configuration.
The “Generate key pair” process creates a key for vRO and saves it as /var/lib/vco/app-server/conf/vco_key. If you need a key with a different name, call KeyPairManager.generateKeyPair(…) with the necessary parameters. The key path /var/lib/vco/app-server/conf/ is a path inside the vco-server-app container (pod vco-app), where the real directory from the vRA/vRO server, /data/vco/usr/lib/vco/app-server/conf/, is mounted. If you need to use your own key instead of the one generated by vRO, place it in this directory, but specify the path /var/lib/vco/app-server/conf/ in the vRO processes. During authentication with such a key, the error “Unable to execute command: InternalError: invalid privatekey” may occur. It means that the format of your key differs from the expected PEM format:
# Convert private key to PEM format:
ssh-keygen -p -f test_key -m pem
# Change or set passphrase on key:
ssh-keygen -p -f test_key
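A preflight check for the “invalid privatekey” case described above, as an added example that is not part of the original article or of the SSH plug-in: it reads the text of a key file and reports whether it is PEM or OpenSSH-native and whether it is passphrase-protected. The function names and result fields are hypothetical, and treating the OpenSSH-native container as the one that needs `ssh-keygen -m pem` is an assumption based on the fix shown above.

```javascript
// Added example (not from the original article). Plain ES5, no Node or vRO APIs.
var B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Decode only the first n bytes of a base64 string.
function b64Head(b64, n) {
    var out = [], acc = 0, bits = 0;
    for (var i = 0; i < b64.length && out.length < n; i++) {
        var v = B64.indexOf(b64.charAt(i));
        if (v < 0) { continue; }                 // padding or stray character
        acc = (acc << 6) | v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push((acc >> bits) & 0xff);
            acc &= (1 << bits) - 1;              // keep only the unread bits
        }
    }
    return out;
}

// Classify private key text by its armor and, for OpenSSH-native keys, by the
// cipher name stored after the "openssh-key-v1\0" magic.
function inspectPrivateKey(text) {
    var unknown = { format: "unknown", encrypted: null, convert: null };
    var m = /-----BEGIN ([A-Z0-9 ]*?)PRIVATE KEY-----([\s\S]*?)-----END \1PRIVATE KEY-----/.exec(text);
    if (!m) { return unknown; }                  // no armor, or BEGIN/END labels differ
    var label = m[1].replace(/ $/, ""), body = m[2];
    if (label !== "OPENSSH") {
        // Traditional PEM flags encryption in a Proc-Type header, PKCS#8 in the label.
        var enc = label === "ENCRYPTED" || /^Proc-Type:\s*4,ENCRYPTED/m.test(body);
        return { format: "pem", label: label, encrypted: enc, convert: false };
    }
    var b = b64Head(body.replace(/\s+/g, ""), 48), magic = "openssh-key-v1", cipher = "";
    for (var i = 0; i < magic.length; i++) {
        if (b.length < 19 || b[i] !== magic.charCodeAt(i)) { return unknown; }
    }
    // b[14] is the NUL terminator, b[15..18] a big-endian uint32 name length.
    var len = ((b[15] << 24) | (b[16] << 16) | (b[17] << 8) | b[18]) >>> 0;
    for (var j = 0; j < len && 19 + j < b.length; j++) { cipher += String.fromCharCode(b[19 + j]); }
    // Assumption: this is the case the article fixes with "ssh-keygen -p -f <key> -m pem".
    return { format: "openssh", label: label, cipher: cipher, encrypted: cipher !== "none", convert: true };
}
```

A result with `convert: true` means the key should be rewritten with the `ssh-keygen -p -f <key> -m pem` command above before its path is used in a vRO process.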
Working with files on the vRO server
The processes of sending and receiving a file via SSH only work with files located on the vRO server. This means that you need to somehow create these files, save information in them, and also read them.
// Create a temporary file
var tmpFile = System.createTempFile();
tmpFile.write("Test message");
var tmpFileName = System.getTempDirectory() + "/" + tmpFile.name;
// Create a new file and write a string to it
var content = "Test message"; // text to store; defined before it is written
var fileName = System.getTempDirectory() + "/" + System.nextUUID();
var writer = new FileWriter(fileName);
writer.open();
writer.write(content);
writer.close();
// Read the file contents
var reader = new FileReader(fileName);
reader.open();
var readContent = reader.readAll();
reader.close();
// Delete the file
var file = new File(fileName);
file.deleteFile();
The directory for temporary files on the server is /data/vco/usr/lib/vco/app-server/temp. It is mounted in the vco container at /usr/lib/vco/app-server/temp, which is exactly the path that the System.getTempDirectory() method returns.
Files for the article
com.vmware.library.ssh.add.package.zip – package with additional processes